Skip to main content
CVE-2023-1523 CRITICAL POC PATCH Act Now

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Snapd Ubuntu Linux
NVD GitHub
CVSS 3.1
10.0
EPSS
1.4%
CVE-2023-4712 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Smart Table Integrated Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40980 CRITICAL POC Act Now

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Dwsurvey
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39631 CRITICAL POC PATCH Act Now

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-36100 CRITICAL POC Act Now

An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Icecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36076 CRITICAL POC Act Now

SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Smanga
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-41364 CRITICAL POC Act Now

In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tine
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4713 HIGH POC This Week

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-40970 HIGH POC This Week

Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4697 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4711 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP D-Link Command Injection Dar 8000 10 Firmware
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
5.8%
CVE-2023-4695 HIGH POC This Week

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Pkb Lib
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-3297 HIGH POC This Week

In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Ubuntu Accountsservice +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24674 HIGH POC This Week

Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bludit
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36088 HIGH POC This Week

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nebulagraph Studio
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4714 HIGH POC This Week

A vulnerability was found in PlayTube 3.0.1 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Playtube
NVD VulDB
CVSS 3.1
7.5
EPSS
5.2%
CVE-2023-41628 HIGH POC This Week

An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service E2
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-40968 HIGH POC This Week

Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Timg
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40771 HIGH POC This Week

SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dataease
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39685 HIGH POC PATCH This Week

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Denial Of Service Hjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4698 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Memos
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39714 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39710 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39703 MEDIUM POC This Month

A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Typora
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40969 MEDIUM POC This Month

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Senayan Library Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4708 CRITICAL POC THREAT Act Now

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Clcknshop
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
45.6%
CVE-2023-36328 CRITICAL PATCH Act Now

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Libtommath Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-36327 CRITICAL PATCH Act Now

Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Relic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36326 CRITICAL PATCH Act Now

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service Relic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36187 CRITICAL Act Now

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Cbr40 Firmware Lax20 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4696 CRITICAL PATCH Act Now

Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Memos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4722 MEDIUM POC PATCH This Month

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4721 MEDIUM POC PATCH This Month

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4720 MEDIUM POC PATCH This Month

Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4704 MEDIUM POC PATCH This Month

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Instantcms
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-25488 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Default Feature Image
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24675 MEDIUM POC This Month

Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bludit
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-41627 HIGH This Week

O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ric Message Router
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28366 HIGH PATCH This Week

The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mosquitto
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4647 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40239 HIGH This Week

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE C2132 Firmware Cs310 Firmware Cs317 Firmware +78
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4481 HIGH This Week

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
15.1%
CVE-2023-3915 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-3210 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-3205 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-41046 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-4710 MEDIUM This Month

A vulnerability classified as problematic was found in TOTVS RM 12.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rm
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41049 MEDIUM PATCH This Month

@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js XSS Single Sign On Client
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4707 MEDIUM This Month

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Clcknshop
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37830 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contwise Case2
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy